Posted to dev@shindig.apache.org by jo...@apache.org on 2008/10/16 21:56:14 UTC
svn commit: r705341 -
/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
Author: johnh
Date: Thu Oct 16 12:56:13 2008
New Revision: 705341
URL: http://svn.apache.org/viewvc?rev=705341&view=rev
Log:
Url escaping text spat out on error condition in proxy servlet to ensure no XSS is possible.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java?rev=705341&r1=705340&r2=705341&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java Thu Oct 16 12:56:13 2008
@@ -21,6 +21,7 @@
import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
+import org.apache.shindig.common.util.Utf8UrlCoder;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpResponse;
@@ -58,7 +59,7 @@
UriBuilder url = UriBuilder.parse(urlToValidate);
if (!"http".equals(url.getScheme()) && !"https".equals(url.getScheme())) {
throw new GadgetException(GadgetException.Code.INVALID_PARAMETER,
- "Invalid request url scheme in url: " + urlToValidate +
+ "Invalid request url scheme in url: " + Utf8UrlCoder.encode(urlToValidate) +
"; only \"http\" and \"https\" supported.");
}
if (url.getPath() == null || url.getPath().length() == 0) {
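Review bot: The escaping on the `Utf8UrlCoder.encode(urlToValidate)` line is applied where the exception is built rather than where the message is written to the response, so it protects only this one message. The `url.getPath()` check that follows continues outside the hunk; if it or any other GadgetException message also carries request data, it would presumably still reach the error output unescaped, so I would escape for the output context (HTML-escape, or serve the error as text/plain) at the single place the message is rendered. Percent-encoding here also makes the rejected URL harder to read in logs and puts no bound on its length. At minimum, add a comment such as `// urlToValidate is request-controlled; encode it before it can be echoed in an error response` so the call is not dropped as cosmetic later.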